Lua Envoy 上游代理

我正在寻找一种方法，用 Envoy 过滤器替换 Kong 中一些登录逻辑，以使用 Istio 中的 Envoy 过滤器对特定网址（如上游）进行权限检查。

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: api-auth
  namespace: api
spec:
  workloadLabels:
    app: api
  filters:
  - listenerMatch:
      listenerType: SIDECAR_INBOUND
      listenerProtocol: HTTP
    filterName: envoy.lua
    filterType: HTTP
    filterConfig:
      inlineCode: |
        function version()
            return "v1"
        end

        function log(handle, value)
            handle:logInfo(version() .. ": " .. value)
        end

        function dump(o)
           if type(o) == 'table' then
              local s = '{ '
              for k,v in pairs(o) do
                 if type(k) ~= 'number' then k = '"'..k..'"' end
                 s = s .. '['..k..'] = ' .. dump(v) .. ','
              end
              return s .. '} '
           else
              return tostring(o)
           end
        end

        function is_empty(value)
            return value == nil or value == ""
        end

        function get_header(handle, header)
            return handle:headers():get(header)
        end

        function envoy_on_request(request_handle)

          local auth_host = "auth-service.services.svc.cluster.local"
          local path = "/api/v1/has-permission"

          local cluster = "outbound|8080||" .. auth_host

          local request_headers = {
              [":method"] = "POST",
              [":path"] = path,
              [":authority"] = auth_host,
              ["Authorization"] = get_header(request_handle, "Authorization")
          }

          local request_body = ""

          local timeout = 5000 --ms

          log(request_handle, "发送 auth 请求， headers: " .. dump(request_headers) .. ", request_body: " .. request_body .. ", 超时: " .. timeout)

          local response_headers, response_body = request_handle:httpCall(
              tostring(cluster),
              request_headers,
              request_body,
              timeout
          )

          log(request_handle, "response_headers: " .. dump(response_headers))
          log(request_handle, "response_body: " .. dump(response_body))

          if tonumber(response_headers[":status"]) ~= 200 then
              log(request_handle, "Key Authentication Failed")
              request_handle:respond(
                              {[":status"] = response_headers[":status"]},
                              response_body
                      )
              do return end
          end
        end

这是我的 Lua，但我还缺少一些东西，需要在我的 POST 请求正文中发送额外的参数。

工作示例 curl：

curl -i 'https://foo-api.com/list' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'AuthCode: cmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept-Language: en' \
-H 'Authorization: Bearer 6InNlcmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Sec-Fetch-Dest: empty' \
-H 'application: COMPANYCODE'

我该如何在 Lua 中发送这种内容作为 POST 请求的一部分？

谢谢并致以最好的问候